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Operations Security 
OPSEC 


OPSEC is a process that identifies critical 
information, outlines potential threats and risks 
and develops counter measures to safeguard 
critical information 


Identify Critical 
Information 


Analyze 
Vulnerabilities 


Analyze the 
Apply Threat 


Countermeasures 


Assess Risk 
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ts Critical Information 


e Information we must protect to ensure 
>UGESSRation the adversary needs to prevent our success. 


- Names and photos of - Position, mission 
you, your family and capabilities and 
co-workers limitations 

- Usernames, passwords, - Operations & missions 
network details - Schedules and travel 

- Job title, location, salary, itineraries 
clearances - Social security number, 

- Physical security and credit cards, banking 
logistics information D 


- Hobbies, likes, dislik l 
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Data Aggregation 


e Information collection 
from multiple sources 


e Al Qaeda handbook: 
open and legal public 
sources accounts for 
80% of all information 
collected 


e Legal and illegal 
collection methods 
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Potential Vulnerabilities 


Methods used to obtain Critical 
Information: 


e Unprotected communications 


e Sharing too much with ctrancaerec __ TS a 

e HUMINT Observatii VIRGINIA E 
e Technology N? INTEL = —_— = 
e Trash EE 

e Media - qe 

* Email i= =< 
e Web pages | 


e Social Networking $ 35 f 


Illegal methods are OK with adversaries!!! 
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a Social Networking 


Social Networking Sites (SNS) allow people to network, 
interact and collaborate to share information, data and 


ogle without geographic boundaries. 
Goo Q e€ Ofriendster. 


os 
Mio 


Flickr) 
w 


netvibes 


Linked fj). 
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Revised Statement of Rights 


& Responsibilities 


“You own all of the content & information you post.” 
“You specifically give us the following permission, 


Consent to Collection and Processing 
in the United States. By using 
Facebook, you consent to having 


your personal data transferred to 
and processed in the United States. 


“We may collect information about you from other 
users. 


“Sometimes we share aggregated information with 
third parties.” 
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a Why use a SNS? 


Personally 

e Entertaining 

e Maintain Relationships 
e Network 

e Centralized information 


Professionally 

e Marketing/recruiting 

e Public Relations 

e Connect with customers 


e Solicit ideas and 
feedback 
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Bad guys use it, too: 


e Stalkers 

e Thieves 

e Terrorist 

e Hackers 

e Phishers/Scammers 
e Enemy organizations [%9 fe- Titefndt | 
e Pedophiles Predators | 


e And the list goes on... 
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A 
KEL Al-Qaeda he Danger 2009: 


“The affair with the U.S. Navy began several years ago, when the lions of Al- Qaeda 
struck the destroyer U.S.S. Cole, in Yemen; now, with Allah’s help, all the American 
vessels in the seas and oceans, including aircraft carriers, submarines, and all 


Information on every U.S. Naval unit should 
be quietly gathered...what state they are 
from, their family situation, and where 
their family members live.. 


..search for the easiest ela of striking 


. Do not underestimate the importance of 
any piece of information, as simple as it 
may seem.... 
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Social Networking Websites 


and Your Security Clearance 


The following is a security awareness statement signed by the 


Question 14 of the National Agency 
Questionnaire (SF-86) asks for names 
of your relatives and associates. The 


term associate is defined as any 
foreign national that you or your 
spouse are bound by affection, 


DLiGea ios th ah g 
The term associate is Spetseny foccins national 
that you or your spouse are bound by affection, 
obligation, or close and continuing contact. 
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2 DO'S & DON'TS of 
SOCIAL NETWORKING 
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“Do’s” 


Do: Remember Computer Security 


Do not be an easy target for computer crimes 


Hacking 
Theft 
Planted code 
VS. 
Antivirus software 
Firewalls 
Strong Passwords 
Permission Settings 
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ca “Do’s” 


Do: Verify All Friend Requests 


Social engineering and “conning” starts with a 
friend request 


Adversaries can get the data f 


e Free people search engines 
e Other SNS’s 


e Your posts/profile 
e Your friends posts/profile 


Verify Requests Before Approving 
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ioe "D O , S ” 


Do: Utilize All Available privacy 


Customize available 
settings to be as 
secure as possible 


öğ “Everyone” may þe 
accessed by anyone 
with access to TD Se, 


ee “Do’s” 


Do: Watch Your Friends Settings 


Sure your profile is secure, but what about 
your 115 friends profile settings? 
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“Do’s” 


Do: Closely Monitor Your Children’s 
Use of the Internet 

Cyber-bulling 
Kidnapping 

“Sexting” 

Stalking 

Pedophiles 

- 500,000+ registered 
Offenders in the USA 
- 95,000 registered sex <a 
offenders profiles on Myspace “S===i® 
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ee tt D O d S y 


Do: Verify Links & Files Before Executing 


Would you follow a link in e-mail? Would you 
download and run an attachment? Then why 
do you do these things 


e Phishing scams 

e Malicious coding 

° Viruses 

e Scareware YOUR SYSTEM MAY BE 
INFECTED! 


Scanning: 


DOWNLOAD 


Verify before execut 


FREE'SCAN'NOW! 
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“Do’s” 


Do: Blog with Caution 


e Avoid details, don’t get personal 
e Who is reading your blog? 
e Lessons learned 101 for the 


AVC Tite 
The Hooah dHooah Wife 


, TE > z 
Reflections, thoughta, and nambfings of 

. m CA 
O oo 
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“Do’s” 


Do: Understand the Risks Associated 
with Geotagging 


e Location/GPS data attached to photo, 

e Feature in Smartphones and digital#, 
- Lat/Long 
- Device details 

e “Check-in” feature 
- Facebook Places n asus 
- Google Latitude Bk Oh epee 
- Foursquare , io =e 
- Gowalla ) s 
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“Do’s” 


Do: Be an Informed User ofa SNS 


e How much personal information do you 
broadcast? 

e Are you very careful about what details you 
post? 

e Do you understand data aggregation issues? 

e Are you willing to find and learn all the 
security settings a eep up with them as 
they change? 


Are you willittg to accept the risk? 
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“Do’s” 
Do: Have a Contingency Plan 


KIA, MIA, POW 


What details will the advers 
have to use against y 


What information will the 
media have access to? 


Power of Attorney 
Memorial pages 
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“Do’s” 


Do: Assume the Internet is FOREVER 


e There is no true delete on the internet 
e WWW means World Wide Web 

e Every Picture 
e Every Post 


e Every Detail for eV er 
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ee “Do’s” 


Do: Understand Official DON Guidance 
That Governs Military Personnel Use 
of SNS’s 


e DON ALNAV 056/10 Official Internet Posts 


- Social media posts in an official capacity 


e DON ALNAV 057/10 Unofficial Internet Posts 
- Any content posted about the DON by DON 
personnel in an unofficial & personal capacity 
- DON personnel are responsible for all DON N 
related content they publish on the interne iN 
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“Don’ts ” 


Don’t: Use the Same Passwords 


e Hackers count on users using the same 
passwords for multiple accounts 


e Password] is not a strong password 


Password: 


Strength: Weak | 


flickr- manwa bh -passw rd 
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hee “Don’ts dd 


But it’s set to private ... right? |: 


e Hackers 
e Incorrect or incomplete settin). 
e Sale of data 
Upgrades/site changes s T 
“Risks inherent in sharing information” 

“USE AT YOUR OWN RISK. We do not guarantee 
that only authorized persons will view your 
information.” 
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hee “Don’ts” 
Don’t: Trust Add-On’s or Applications 


e Plugins, Games, Applications 
- Third Party Software 
- Applications designed to collect data 
- Malicious code 


- Separate terms of use & privacy 
e “We are not responsible for © 


measures.” 
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ee “Don’ts yy 


Don’t: Grant the Same Access to Everyone 


e Don’t treat all Friends equally 
e Control & customize individual access 


e Do create groups 
- Poker club 


| @ Only Friends ~ 


p Family [i only Friends > 
° Set permissions for everything sus» | [aomas 
- Your status sis eiae ok k a 
- Photos : on 
- Postings poeanicatand 


Edit Settings 


& Only Friends v 
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ee “Don’ts ” 


Don’t: Discuss Details 


e Never post anything you 

would not tell directly to the e 
e Never post private or person 
information- no matter how sec 
you think your settings are 
e Assume the information you : 
will be made public 


Details make you vulnerable 


UNCLASSIFIED 


Questions? 


Countries don’t have friends... 


Please contact the NOST for 
assistance or any of the 
following: 


e Computer-based training 
e FRG/Ombudsman support 
e OPSEC & other tailored 


briefs 

* Videos , posters, They have interests. Which 
brochures & fliers country is interested in 

e OPSEC Reminder Cards what you do? 

e Two-day Navy OPSEC Naval OPSEC Support Team 
Officer course opsec@navy.mil 

a 757-417-7100 
General OPSEC support www.facebook.com/NavalOPSEC 

e Other Resources www.twitter.com/NavalOPSEC 


www.slideshare.net/NavalOPSEC 
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